Hi We use ClamWin and hMail on our windows 2003 server. That works really well except for the interception of the PayPal receipts whenever a user buys something through PayPal.
It says:- Virus found: Receipt for Your Payment to Apus Corporation Pty Ltd

It only happens via PayPal. How can I prevent this?

Neil

sherpya

Joined: 22 Mar 2006

Posts: 898

Location: Italy

Posted: Sun Sep 14, 2008 11:36 pm

are you using phishing detection? you may need to disable it

megastrike

Joined: 14 Sep 2008

Posts: 2

Posted: Tue Jan 06, 2009 6:20 am

No it is not phishing as far as I can tell. The logs on the server indicate that hmail scanned the incoming message (using Clamwin) and found a virus (false). I also get these false virus detections when a member responds to a question.

Or.... is there a phishing filter in clamwin somewhere that I can turn off. Is there a way to add a whitelist?

You can exclude a file from ClamWin scheduled scans (but not from an individual scan) by listing the file in Preferences, Filters, on the left-hand side of the page. Use something like: filename.ext and that should work.

You can whitelist file also, but the Filters option might be better, as it is easier to change. Some whitelist info is below, but it might not be current. Do some Googling first if you want to try it. I think whitelisting will exclude it from all scans.

"2.5 Whitelist databases
To whitelist a specific file use the MD5 signature format and place it inside a
database file with the extension of .fp.
To whitelist a specific signature inside main.cvd add the following entry into
daily.ign or a local file local.ign:
db_name:line_number:signature_name"

If you have a known false positive (check it out on Jotti or VirusTotal first), submit the file to Clam. Fill out the form on the Clam submission page at http://www.clamav.net/sendvirus/ on the web.